I've been looking at the evaluate operator when doing queries using Azure Log Analytics, in particular with the autocluster plugin (but I seem to have the same problem even with preview and diffpatterns).
If I have a query accessing the resource directly (including all tables or just one) it works fine. But if I do the same query across several apps or workspaces. I get an error message:
One or more pattern references were not declared. Detected pattern references: Support
The use of app() or workspace() scope function seems to be the problem- not doing a union to query across several resources.
This doesn't work:
workspace("vmPROD").Perf
| evaluate autocluster()
Neither does this:
app("someService").traces
| evaluate autocluster()
This works:
Perf
| evaluate autocluster()
The problem is that I want to evaluate across resources. At first I thought it might be a scope function limitation, but table() - also a scope function, works.
This works:
table("Perf")
| evaluate autocluster()
How can i work around this limitation? Is this a bug? There is nothing in the documentation that mentions this limitation.
